After upgrading to Symantec Endpoint Protection (SEP) 14, the option 'disable Symantec Endpoint Protection' on Clients is automatically available. Before upgrading SEP from 12.1 to 14, a user's ability to 'disable Symantec Endpoint Protection' on Clients is blocked by policies.
After upgrading to SEP 14, however, the 'disable Symantec Endpoint Protection' option on SEP Clients automatically becomes available.
For SEP 12.1, you can follow "How to block a user's ability to disable Symantec Endpoint Protection on Clients" to block a user's ability to disable Symantec Endpoint Protection on Clients.
SEP 14, however, introduces many new features; see "What's new in Symantec Endpoint Protection 14" for more details.
Generic Exploit Mitigation is introduced in intrusion prevention. There is a lock symbol next to Enable Generic Exploit Mitigation, which is unlocked by default.
Upgrade SEP Clients and SEPM from 12.1 to 14. Full Protection for Clients.
Follow the instructions in the links below to block the user's ability to disable SEP:
Click the lock symbol next to Enable Generic Exploit Mitigation to lock this feature.
For 14.2 versions, follow the steps below to lock Memory Exploit Mitigation (MEM, also known as GEM).
Repeat the steps above for each MEM policy assigned to the SEPM groups and locations.
After the policy is updated on the SEP clients, the 'disable Symantec Endpoint Protection' option on clients becomes unavailable and turns gray.